HeapAlloc, registers and access violation exception

[shlomok]

So it's not the linker, it's the assembler that creates havoc - see jne short 004010DD

I created two executables, the former without the ret and the later with the ret. Does that confirm with your analysis?

IDA shows the following:

(executable WITHOUT ret)

Code Select Expand


.686p
.mmx
.model flat


; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing


; Attributes: bp-based frame

; int __stdcall sub_401000(HANDLE hHeap,DWORD dwBytes)
sub_401000 proc near

hHeap= dword ptr  8
dwBytes= dword ptr  0Ch

push    ebp
mov     ebp, esp
push    edi
push    esi
push    ebx
push    [ebp+dwBytes]   ; dwBytes
push    8                      ; dwFlags
push    [ebp+hHeap]     ; hHeap
call    HeapAlloc
test    eax, eax
jnz     short $+2
pop     ebx
pop     esi
pop     edi
leave
retn    8
sub_401000 endp



exe WITH ret:

Code Select Expand


.686p
.mmx
.model flat


; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing


; Attributes: bp-based frame

; int __stdcall sub_401000(HANDLE hHeap,DWORD dwBytes)
sub_401000 proc near

hHeap= dword ptr  8
dwBytes= dword ptr  0Ch

push    ebp
mov     ebp, esp
push    edi
push    esi
push    ebx
push    [ebp+dwBytes]   ; dwBytes
push    8               ; dwFlags
push    [ebp+hHeap]     ; hHeap
call    HeapAlloc
test    eax, eax
jnz     short sub_40101E
pop     ebx
pop     esi
pop     edi
leave
retn    8
sub_401000 endp



[dedndave]

use JwAsm   :P

[shlomok]

what ever the reason, in the function allocateUsingHeapAlloc() the last RET is replaced by an INT3, which is followed by the import table. Maybe a bug of poasm?

I opened a bug here: http://www.masm32.com/board/index.php?topic=18694.0

And found an excellent post by Vortex on files and memory here:  http://www.masm32.com/board/index.php?topic=8375.0

Anyway, thanks to all the people who gave me a hand.

[shlomok]

Bug was fixed,

New version here: http://www.pellesc.de/index.php?page=download&lang=en&version=7.00